Syslog-ng usage

The syslog_ng state module generates syslog-ng configurations. You can do the following things:

  • generate syslog-ng configuration from YAML,
  • use non-YAML configuration,
  • start, stop or reload syslog-ng.

There is also an execution module, which can check the syntax of the configuration, get the version and other information about syslog-ng.

Configuration

The following is an example of what a complete syslog-ng state configuration looks like:

# Set the location of the configuration file
"/home/tibi/install/syslog-ng/etc/syslog-ng.conf":
  syslog_ng.set_config_file

# The syslog-ng and syslog-ng-ctl binaries are here. You needn't use
# this method if these binaries can be found in a directory in your PATH.
"/home/tibi/install/syslog-ng/sbin":
  syslog_ng.set_binary_path

# Writes the first lines into the config file, also erases its previous
# content
"3.6":
  syslog_ng.write_version

# Some global options
global_options:
  syslog_ng.config:
    - config:
        options:
          - time_reap: 30
          - mark_freq: 10
          - keep_hostname: "yes"

s_localhost:
  syslog_ng.config:
    - config:
        source:
          - tcp:
            - ip: "127.0.0.1"
            - port: 1233

d_log_server:
  syslog_ng.config:
    - config:
        destination:
          - tcp:
            - "127.0.0.1"
            - port: 1234

l_log_to_central_server:
  syslog_ng.config:
    - config:
        log:
          - source: s_localhost
          - destination: d_log_server

some_comment:
  syslog_ng.write_config:
    - config: |
        # Multi line
        # comment

auto_start_or_reload:
  {% set pids = salt["ps.pgrep"]("syslog-ng") %}
  {% if pids == None or pids|length == 0 %}
  syslog_ng.started:
    - user: tibi
  {% else %}
  syslog_ng.reloaded
  {% endif %}

#auto_stop:
#  syslog_ng.stopped

The 3.6, s_devlog, d_log_server, etc. are identifiers. The second line in each block is a function, and its first parameter is the id. The - config entry is the second, named parameter of the syslog_ng.config function. This function can generate the syslog-ng configuration from YAML. If the statement (source, destination, parser, etc.) has a name, this function uses the id as the name; otherwise (log statement) its purpose is like that of a mandatory comment.

You can use set_binary_path to set the directory which contains the syslog-ng and syslog-ng-ctl binaries. If this directory is in your PATH, you don't need to use this function.

Under auto_start_or_reload you can see a Jinja template. If syslog-ng isn't running, it starts it; otherwise it reloads it. It uses the process name syslog-ng to determine the running state. I suggest that you use the service state if it's available on your system.

After executing this example, the syslog_ng state will generate this file:

#Generated by Salt on 2014-06-19 16:53:11
@version: 3.6

options {
   time_reap(30);
   mark_freq(10);
   keep_hostname(yes);
};

source s_localhost {
   tcp(
         ip("127.0.0.1"),
         port(1233)
   );
};

destination d_log_server {
   tcp(
         "127.0.0.1",
         port(1234)
   );
};

log {
   source(s_localhost);
   destination(d_log_server);
};

# Multi line
# comment

Users can include arbitrary text in the generated configuration by using the write_config function.

Examples

Simple source

source s_tail {
 file(
   "/var/log/apache/access.log",
   follow_freq(1),
   flags(no-parse, validate-utf8)
 );
};

s_tail:
  # Salt will call the source function of syslog_ng module
  syslog_ng.config:
    - config:
        source:
          - file:
            - file: "/var/log/apache/access.log"
            - follow_freq : 1
            - flags:
              - no-parse
              - validate-utf8

OR

s_tail:
  syslog_ng.config:
    - config:
        source:
            - file:
              - "/var/log/apache/access.log"
              - follow_freq : 1
              - flags:
                - no-parse
                - validate-utf8

Complex source

source s_gsoc2014 {
 tcp(
   ip("0.0.0.0"),
   port(1234),
   flags(no-parse)
 );
};

s_gsoc2014:
  syslog_ng.config:
    - config:
        source:
          - tcp:
            - ip: 0.0.0.0
            - port: 1234
            - flags: no-parse

Filter

filter f_json {
 match(
   "@json:"
 );
};

f_json:
  syslog_ng.config:
    - config:
        filter:
          - match:
            - "@json:"

Template

template t_demo_filetemplate {
 template(
   "$ISODATE $HOST $MSG "
 );
 template_escape(
   no
 );
};

t_demo_filetemplate:
  syslog_ng.config:
    - config:
        template:
          - template:
            - "$ISODATE $HOST $MSG\n"
          - template_escape:
            - "no"

Rewrite

rewrite r_set_message_to_MESSAGE {
 set(
   "${.json.message}",
   value("$MESSAGE")
 );
};

r_set_message_to_MESSAGE:
  syslog_ng.config:
    - config:
        rewrite:
          - set:
            - "${.json.message}"
            - value : "$MESSAGE"

Global options

options {
   time_reap(30);
   mark_freq(10);
   keep_hostname(yes);
};

global_options:
  syslog_ng.config:
    - config:
        options:
          - time_reap: 30
          - mark_freq: 10
          - keep_hostname: "yes"

Log

log {
 source(s_gsoc2014);
 junction {
  channel {
   filter(f_json);
   parser(p_json);
   rewrite(r_set_json_tag);
   rewrite(r_set_message_to_MESSAGE);
   destination {
    file(
      "/tmp/json-input.log",
      template(t_gsoc2014)
    );
   };
   flags(final);
  };
  channel {
   filter(f_not_json);
   parser {
    syslog-parser(

    );
   };
   rewrite(r_set_syslog_tag);
   flags(final);
  };
 };
 destination {
  file(
    "/tmp/all.log",
    template(t_gsoc2014)
  );
 };
};

l_gsoc2014:
  syslog_ng.config:
    - config:
        log:
          - source: s_gsoc2014
          - junction:
            - channel:
              - filter: f_json
              - parser: p_json
              - rewrite: r_set_json_tag
              - rewrite: r_set_message_to_MESSAGE
              - destination:
                - file:
                  - "/tmp/json-input.log"
                  - template: t_gsoc2014
              - flags: final
            - channel:
              - filter: f_not_json
              - parser:
                - syslog-parser: []
              - rewrite: r_set_syslog_tag
              - flags: final
          - destination:
            - file:
              - "/tmp/all.log"
              - template: t_gsoc2014
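
A review check for states like the ones above, as an added example that is not part of the Salt documentation or code: it walks syslog_ng.config data and reports tcp/udp sources bound to every interface (as in s_gsoc2014) and file destinations in shared directories such as /tmp (as in l_gsoc2014). STATES, WILDCARD_IPS, SHARED_DIRS and the function names are assumptions made for this example.

```python
# Added example, not Salt's code. STATES is constructed: three of the page's
# states as Python data, the way the YAML loads (l_gsoc2014 is shortened).
STATES = {
    "s_localhost": {"syslog_ng.config": [{"config": {"source": [
        {"tcp": [{"ip": "127.0.0.1"}, {"port": 1233}]}]}}]},
    "s_gsoc2014": {"syslog_ng.config": [{"config": {"source": [
        {"tcp": [{"ip": "0.0.0.0"}, {"port": 1234}, {"flags": "no-parse"}]}]}}]},
    "l_gsoc2014": {"syslog_ng.config": [{"config": {"log": [
        {"source": "s_gsoc2014"},
        {"junction": [{"channel": [{"filter": "f_json"}, {"destination": [
            {"file": ["/tmp/json-input.log", {"template": "t_gsoc2014"}]}]}]}]},
        {"destination": [
            {"file": ["/tmp/all.log", {"template": "t_gsoc2014"}]}]}]}}]},
}
WILDCARD_IPS = {"0.0.0.0", "::"}      # assumption: binds treated as "all interfaces"
SHARED_DIRS = ("/tmp/", "/var/tmp/")  # assumption: world-writable directories

def walk(node, kind=None):
    """Yield (kind, driver, args) for each driver below a source/destination key."""
    if isinstance(node, list):
        for item in node:
            yield from walk(item, kind)
    elif isinstance(node, dict):
        for key, value in node.items():
            if kind and isinstance(value, list):
                yield kind, key, value          # e.g. ("source", "tcp", [...])
            else:
                yield from walk(value, key if key in ("source", "destination") else kind)

def option(args, name):  # named option from a driver's argument list, or None
    return next((a[name] for a in args if isinstance(a, dict) and name in a), None)

def audit(states):
    """Return (state id, finding) pairs for settings worth a second look."""
    findings = []
    for sid, body in states.items():
        config = body.get("syslog_ng.config", []) if isinstance(body, dict) else []
        for kind, driver, args in walk(config):
            ip = option(args, "ip")
            everywhere = ip is None or str(ip) in WILDCARD_IPS  # unset ip binds 0.0.0.0
            if kind == "source" and driver in ("tcp", "udp") and everywhere:
                findings.append((sid, f"{driver} source listens on all interfaces"))
            path = next((a for a in args if isinstance(a, str)), option(args, "file"))
            if kind == "destination" and driver == "file" and str(path).startswith(SHARED_DIRS):
                findings.append((sid, f"file destination in shared directory: {path}"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{sid}: {finding}" for sid, finding in audit(STATES)))
```

The same walk works on data loaded from a rendered state file, since both the positional form ("/tmp/all.log" as the first list item) and the named form (- file: ...) of the path are handled.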